Oracle has popped out a white paper that may well turn some heads, because it contains robust criticism of open source software.
Titled “The Department of Defense (DoD) and Open Source Software” and available here as a PDF to those with Oracle accounts or here in Dropbox, the document's premise is that folks in the USA's …

Commercial Software Vendor hates FOSS!

Re: Commercial Software Vendor hates FOSS!

No reasonably complex software ecosystem "just works" - be it FOSS or otherwise you numpty!

However, a much more pressing reason why the DoD should not be getting involved in software development is the seeming inability of government departments to do anything well. Certainly if they are anything like UK government depts. are at specifying and obtaining delivery of projects then the whole thing will be a cluster-fuck from beginning to end.

And before the pro and anti brigades turn up to shout me down for apparently supporting the opposite side to them perhaps they'll do me the courtesy of using reading comprehension skills to note that I haven't made any statement about which type of software they should be using, simply that they should not be developing it themselves.

[Cue someone being unable to comprehend that last point and replying to accuse me of being pro-Microsoft/an Apple fanboy/a freetard <delete as appropriate to the particular bent of the poster's fucktardery> in 5...4...3...2...1...]

Re: Commercial Software Vendor hates FOSS!

"Certainly if they are anything like UK government depts. are at specifying and obtaining delivery of projects then the whole thing will be a cluster-fuck from beginning to end."

Seconded. This new spine 2.0 project in NHS they have started sounds really interesting. Whether the NHS manage to turn it into one huge "clusterfuck" is yet to be seen. But going by past projects it's a ticking time bomb.

Re: Commercial Software Vendor hates FOSS!

Actually, if it's being developed inhouse chances are that somebody involved will stand up and tell the people doing it that if they change the requirement 400 times that it's going to take ages and cost loads. Chances are that they also have some idea what is actually meant to be achieved, unlike consultants.

Re: Commercial Software Vendor hates FOSS!

"Actually, if it's being developed inhouse chances are that somebody involved will stand up and tell the people doing it that if they change the requirement 400 times that it's going to take ages and cost loads"

If only that were likely to make any difference. I agree that that's what should happen, but it should happen whether the job is being done in house or not - the sad fact is that the people involved will each want to put their stamp on it and will likely ignore any warnings from the people that know better but are lower down the food chain. At least that's always been my experience.

Re: if it's being developed inhouse ...will stand up and tell the people...

UK military (old days) probably

UK military (today) possibly

US military (last 100 years) no chance

If you are a USAF colonel who points out that the troop carrier being tested, is not fit for purpose, needs real testing, and major re-work to make safe, first you get sent to Alaska, then you are volunteered for retirement. (i.e. Colonel Burton and the Bradley programme)

Re: Commercial Software Vendor hates FOSS!

Actually, if it's being developed inhouse chances are that somebody involved will stand up and tell the people doing it that if they change the requirement 400 times that it's going to take ages and cost loads. Chances are that they also have some idea what is actually meant to be achieved, unlike consultants.

Not really, after the first few weeks of pointing this out daily, ranting and raving about it, it just becomes a form-letter, for which there is a scripted deletion of. I think you must not understand the ability of bureaucracy to remove any semblance of sensibility from any organization.

Re: Commercial Software Vendor hates FOSS!

Numerous governments / military also recognise the disadvantages and security risks of FOSS, Hence Windows for Warships on US army ships and UK submarines, the UK Army using Windows pretty much everywhere, etc, etc...

FOSS is only normally considered for very isolated console type applications. For instance controlling a drone...

Re: Commercial Software Vendor hates FOSS!

Um, you might want to withdraw that. The US Army does in fact have ships and watercraft. Quite a number of them too. We have a large number of LSTs, we call them the LST 2000 class, as well as dry cargo and ammunition transports which are crewed by the Military Sealift Command with the USAV (US Army Vessel) prefix. They don't get a lot of press but we do have them. One of the units at my Reserve Center, the 143d Expeditionary Sustainment Command, as well as the Regular Army's Surface Deployment and Distribution Command has a detachment over at the Cape (Cape Canaveral) which supports NASA, the Air Force, and Army units coming back from the CENTCOM and SOUTHCOM Areas of Responsibility. They're a pretty damned busy unit too, and they're not well staffed because we hardly get any Navy Prior Service people who want to be what would amount to being a Boatswain's Mate but in the Army Reserve or Army.

In fact when it comes to numbers, the Army has more watercraft than the Navy by about 10 to 1, and that's excluding our amphibious Armored Vehicles like modified versions of the Stryker, Amphibious HMMWVs, and the mobile bridges that the Corps of Engineers use.

We've also had an experimental High Speed Vessel-class catamaran called the USAV Joint Venture (HSV-1), which is out of service now as it was leased from the Australian Manufacturer Incat, and the lease expired. But it was a joint project between the Transportation Corps and the Navy's NAVSEA and it was crewed by an Army crew for 2/3rds of its service life.

There's also an entire MOS (Military Occupational Specialty) for Enlisted Army Mariners (The term Sailor belongs to the Navy and we don't step on each other's toes anymore, this isn't Imperial Japan), called 88K (88 Kilo), as well as a Warrant Officer MOS, and a Commissioned Officer Career Field, both of which escape me and I don't feel like going through HRC's website to find out, but they do exist.

I was an Enlisted Career Counselor, a 79C, for about two years before I went back to the Military Intelligence branch (yes yes, oxymoron, ha ha, not like I haven't heard that 50,000 times), which is my basic branch, and to WOCS (Warrant Officer Candidacy School), so I know most if not all of the Enlisted MOS in the Army currently and before the last set of major changes in 2008.

Re: Commercial Software Vendor hates FOSS!

Software is developed by people - I am curious as to what is it that makes you think that the people who work for EDS/Accenture etc are more capable of developing software than the people who work for any government department? From the tone of your comment it would seem as if you believe that people who work for Oracle etc are of a higher calibre than government employees. From my experience the picture is much more nuanced, there are plenty of good people who work for governments, and plenty of idiots who work for the private sector, and vice versa. A lot of failed government projects have been as the result of mismanaging external suppliers which could be the fault of either. If you do not wish to have ongoing issues with computer systems for governments then there is an argument that taking skills back inhouse would be the right thing to do.

No surprise there then

...But having worked on a number of large scale projects deploying Larry's fully featured off the shelf software, I can personally vouch for the fact that (in my experience) their software can often require as much manpower to configure and make perform as it would have done to build the same business functionality from available open source resources.

That is multiplied when the implementation (and 'architecture') is outsourced to the usual incompetent major SI suspects, who wheel the A team in for the sales pitch and then dish the real work out to (usually) incompetent off shore resources who often just don't have the nous or experience to know how to get the best out of the software they're working with, as they've just come off their Java certification course or whatever.

Providing you have adequately defined, business driven requirements, a PM & architects who are interested in delivering success rather than their own egos - major projects are most definitely deliverable using the wealth of (advanced) open source products that are out there.

Re: No surprise there then

"Providing you have adequately defined, business driven requirements, a PM & architects who are interested in delivering success rather than their own egos - major projects are most definitely deliverable using the wealth of (advanced) open source products that are out there."

But exactly the same is true of closed source products, the problem is normally not the products, it's finding a PM & architects (and the main decision makers for the "client") who are interested in success over their own ego and/or prejudices.

Re: No surprise there then Skein is probably an apropos term

http://www.merriam-webster.com/dictionary/skein

In 2000, a company that gobbled up my company had thousands of permutations of its own products to only a few hundred of our own, yet, we produced more income quarterly. They nevertheless took to destroying our Vantive database developed in-house, which required all of TWO devs, the senior dev and a friend of mine I helped get hired into the company. An Orca development team ended up planting themselves on the manufacturing floor, in an office that soon grew to around 20 imported devs, probably living 4 or 8 to an apartment meant for 4 people, or maybe they were just living in their own digs.

So, let's see: Vantive, with a robust customer support and pain index built into the database, with a vastly deep and easy way to dashboard trouble tickets, for less than a few hundred thousand over a 5 or so year period, vs Oracle, costing MILLIONS in the first year to two of acquisition.

I guess, to be fair to Oracle, it depends on the size of your project, and how big the ego of the CEO is and the amount of "insurance" is needed for the project. By all rights, that Orca team's database should have been built in Vantive, not the other way around. Especially since the in-meeting comparisons and dev delays led to the Orca team causing or feeding into vociferous, vicious in-meeting fights. An example: in Vantive, we had a "to-do" and "customization request" tab at the end of the tabs strips. Any dev or tech support rep encountering an issue with the way the db or interface worked during a tech call could be documented ON THE FLY while it was still fresh in the mind. Not so with the Orca implementation. They deconstructed every last fucking form and other view, and reduced the global views to mere panels able to hold two to 8 fields, burying access behind myriad access controls, as if the CEO wanted to hide the BOMS and product tiers. Trouble calls that took our subsumed techies 4-6 minutes to initiate, document, RMA, and log out in Vantive ended up in Orca's baleen sieve taking 8-15 minutes, grinding down tech and client.

Sigh. I hope Oracle has improved since 2000/2001. Not good to build a tech database that defies drill-down, overview, and cross-comparison of cases meant to arrive at rapid resolution and fix suggestion just because someone wants to "homogenize" the support infrastructure.

Snowden bandwagon

A lot of recent comment on Snowden ("more damaging than the cold war soviet moles") has been screaming out that our NSA/GCHQ practice Security By Obscurity. Perhaps someone at Oracle thought that makes it an opportune moment to build on that sentiment?

Lock In

Larry likes to lock his customers in, it now appears that he also wants to lock in the DOD.

If the DOD choose to go this route they will probably regret it in as little as 5 years time when they have to spend billions re-developing software in order to avoid Larry's clutches.

I presume that Larry is simply replying to an RFP but what's scary is that these kinds of contracts ever go anywhere near the public sector. How will the DOD verify the "intentions" of the Chinese dev team, or the Iranian encryption genius or the Israeli microchip expert that is working in one of the less obvious Oracle departments?

If the staff aren't yours, you have no control over anything. Even when they are, it is not an easy task (Snowden ring any bells?).

Re: Lock In

Snowden was a contractor for Booz, Allen, Hamilton. I get what you're saying and no, it isn't an easy task to manage staff, but he wasn't an actual NSA/CSS employee at the time he started collecting "evidence", or committing "treason" as some would put it.

Plus NSA/CSS Hawaii is fairly new, and there are always a ton of contractors of varying quality around during the initial period of a new facility, and as NSA/CSS isn't a service department, a lot of times they have to hire contractors because it is VERY hard for a Civilian to get a job with them directly and there are limits in the amount of personnel spaces that the Service Departments have to support them.

The contractors don't seem to have the same levels of scrutiny, which I'm quite sure is going to change. The people who process security clearances for Government and Military employees or servicemembers (OPM) are different than the people who do it for contractors (DSS) as well, the measures are supposed to be the same but I've often wondered if they aren't after seeing the quality of some contractors who held clearances that were probably higher than they needed to be. It really wouldn't surprise me if they don't completely get rid of DSS after all this.

FOSS is in use across the Military. Hate to break it to you Larry.

Wow. Really?

Open Source has its place in Military applications. Larry and his cronies are most likely trying to get a contract away from Red Hat or IBM, and it's most likely not gonna happen because of a bunch of Marketing Drone FUD. I don't know who Oracle are targeting but the Army already decided on someone else IIRC. It might be the Navy/Marines or Air Force. The Air Force seems to like Oracle so it makes sense if it is them, but it's a bit like preaching to the choir.

But trust me, FOSS is in use in the Armed Forces and the DoD's various and sundry agencies. Widely.

Everywhere the Military can save a buck, especially since the Sequester started, they're either doing already, or are looking into possibly doing. Honestly if MS doesn't get their shit together really quickly in regard to Armed Forces use cases, they just might find the service departments bailing on them for desktop and productivity software, as well as DISA and the wider DoD. Windows 8 in its current form is not going to fly among the Colonels, Generals, Chief Warrant Officers, First Sergeants and Sergeants Major WHO TYPE IN ALL CAPS BECAUSE IT'S LIKE STRANGLING YOU THROUGH THE KEYBOARD. It's too different.

Windows 7 on bare metal or virtualized would work, a virtualized Linux, or something like PC-BSD would. Hell actually, going to VMs would be much like going back to our roots in Armed Forces computing, we used to use Sperry, Remington-Rand, and IBM mainframes over thin clients/terminals for damned near everything up until the 90's. When my dad was in the Navy during the 80's they were still using punch cards. We have a box of unused cards actually somewhere around here. From what the old timers told me when I first came in, things worked better that way. And some parts of the Military still use Mainframes, like DFAS, the people who pay us.

Oracle's products are in use also, but unfortunately it's usually Java, and in very poor places for it. For instance the Air Force uses Java applets for handling Privacy Act and FOUO information for recruiting and personnel management, and the Army does as well sometimes.

Also, we use FOSS for our public and semi-public presence, go see what www.us.army.mil, the main unsecured web portal for Soldiers is being served by. It's Apache. I believe www.army.mil is over Apache as well. DVIDS is Apache running on Ubuntu, and since that's run by Third Army, you get an idea of what ARCENT is running for their infrastructure. It varies by formation though, SOUTHCOM's using IIS for instance.

Also if it didn't have a place, SELinux/FLASK would not exist, or at least it wouldn't be funded. Some of you in the FOSS community may not like who funds it, as it is a six (or seven if you count the slash) letter agency that none of you correctly name in your collective bitching about them. But it works for what it is, and you're better off with it than without it.

Oh well, in the end you can't blame Oracle for being Oracle I guess. They never really change. They're bullshit artists but they consistently bullshit everyone.

No conspiracy here, but the 160th SOAR, who are more commonly known as the Nightstalkers, use black helicopters, so the icon works.

There was only *one* "original" ORACLE!

Larry Ellison used to be a really nice guy, but he became really bitter and twisted after Oracle lost the ITV teletext franchise. Freed from writing "Hit Reveal to show the answer" quizzes and one-page reviews of the latest Betty Boo single, his mind turned to revenge.

His first invention was an interference maker to corrupt Teletext's content so that Digitiser pages would occasionally display errant garbled '$' symbols and the like over their reviews of Mega Drive games. However, revenge was no longer enough for him, and he resolved to become the amoral, greedy, humungously rich bastard we all know today.

Also, Ellison's comments may come across as bulls*** rantings, but viewed in the context of being scaremongering designed to promote his own self-interest and nothing else, they're quite sensible- and let's face it, that's all Ellison has ever cared about. Except the ITV teletext franchise, that is.

Turkeys campaigning against xmas has started early

The maturing of open source?

Much of the whitepaper makes sense, the real challenge with open source is long term development and maintenance, ie. ownership, with closed source, such matters are much simpler to assess and resolve. As has been pointed out on another recent el reg comments thread, getting regulatory approval for support arrangements based on volunteer 'community' forums isn't going to happen, but getting support etc. from an organisation that has people working on the product is. Hence why companies such as Red Hat have been able to grow and prosper.

Oracle, as an established closed source vendor, is trying to reposition itself as both a closed source and open source vendor, so that it can benefit from the growing unbundled services market surrounding open source, whilst also maintaining a premium on their closed source products and associated services. In some ways the dynamic is similar to what happened with hardware in the late 80's early 90's, when it largely became commodity and companies unbundled the services and became systems integrators.

What this means is that if there is an open source project you particularly like which has a potential for enterprise use then now is the time to create a services business plan and get investment backing to take that project over, otherwise expect the established players to hoover up projects.

My prediction is that within 10 years all the various open source components being proposed for use by the NHS in the Spine 2.0 project will largely be controlled by established corporations. So yes open source in principle allows you to take on Red Hat say, but in reality getting the financial backing to do that will be challenging, so effectively open source will resemble closed source...

Re: The maturing of open source?

The problem here is simple: have you actually tried to use Oracle's support?

If you have (and we are talking from experience of the ex-Sun storage appliances they still sell) it is useless. Report bugs and other problems for your several tens of thousands of $LUCRE per year support contract and - nothing. You might get the odd fix as part of the occasional update, but you talk and talk and escalate to managers who talk and talk and all of the time DAMN ALL is being done to actually implement a fix.

In fact, worse than an orphaned open source project because you simply can't fix it yourself, nor can you employ anyone else to fix it if your software skills and/or resources are not up to it.

They're right, except on one minor point..

You shouldn't call Oracle but my company instead ;-)

A little more seriously.. They do have a point of course. For example; if you look at scalability then yes, there are plenty of open source projects out there which could very well give you a lot of trouble at the very moment your demand goes up. And if you insist on continuing to use those products there will be extra costs involved to make sure everything continues to work.

What Oracle isn't telling though is that Open Source has already matured to a point where you get a choice. We're no longer in the ages of "If you want a webserver you got Apache" or "if you need SQL then here's MySQL". Instead we got a lot more: there's NGinx, Roxen, LightHTTPD, Tomcat, Jetty (If you fancy Java), Savant (for the Windows minded environments).

Right, I know nothing about software development.....

that's the domain of my missus, I'm just a lowly end user (I know, I know...) BUT

I do know enough that "hidden costs" can't possibly include labour charges, unless you're some kind of brain dead cretin. Surely the number one cost in software development, or indeed the development of pretty much anything, is fucking labour costs?

The DoD should challenge Oracle with this question.

"Who will support our software if you cease to exist?"

One of the BIG big things about Open Source is that, if all else fails, you still have the documentation of last resort: the source code. Even if all commercial support disappears, someone with the necessity could examine the source code to solve problems. For a military application, that can become a security issue and one closed-source inherently cannot accommodate.

Re: The DoD should challenge Oracle with this question.

That's simple. If the DoD are using Oracle's software then they can't let control of Oracle fall into the wrong hands so they must control the Oracle shareholding and appointment of managers and staff - by taking it into direct government control.

Yeah Oracle worked so well for the NHS Spine that it's being replaced by...

Worked on the original spine in Leeds for BT. We had oodles of Oracle types, we had Oracle tuning experts, Oracle driven hardware purchasing up the kazoo, excess machinery "just in case" etc.etc.

Gee it's worked so well that the Spine 2 is going all nosql & OSS

One wonders why given

"Overall, the paper is decently balanced, raising real risks associated with software development even if its tone, narrative and a section recounting problems with an open-source-based health records program open source all suggest strongly that development based on open source software is a silly idea for the DoD to contemplate."

& given the "fair & balanced" nature of the piece that Spine 1 was not used as a counter example....

Does show a level of desperation though esp when one considers official UK gov policy such as:

Re: What a load of bollocks

Of course "hidden source" is fine for the DoD, after all Oracle is a US company.

Not like all those pesky furriners.

Who knows what traps and malware are being installed with their products?

Shock news. What the software's made out of makes very little difference to the project outcome.

Things like a) Setting a fixed date for the end of the requirements process b) Setting up a change list for anything where the client wants to "move the goal posts" after that c) Putting complexity, time and budget estimates on those (IOW "Yes Admiral Douchebag you can have that change. It'll cost an additional $50m and take about 3 months to implement and test. BTW let me congratulate you that you've made 10x as many requirement change requests as any other member of the client team and they are 4x as expensive as all of everyone else's requests combined")

Of course people could follow the advice of most text books and bench option and buy the one that fits their needs straight out of the box best.

Might have some valid points

I don't think the paper says straight out "open source is bad". It seems to focus on the idea that private companies may already be able to support open source better than running your own division to do so.

It is questionable whether the DoD can in fact run any large scale software projects successfully internally. I don't care whether it's based on open source or not. I am 100% sure, they can do it better than Lockheed, Boeing, Honeywell or other contractors. Oracle may well be better suited to manage projects than DoD. I think it's a toss up really.

Whatever the case, the DoD would at least be able to handle revisioning and have a staff auditing incoming software changes that up to this point, they probably didn't. So even if it's a room full of DoD employees maintaining a distribution based on CentOS or Ubuntu and only letting changes in which are verified at a code level, it could be a good thing.

Now the question is, where would the military get the coders who are skilled enough to audit as such?

What You Really Need...

...is good support. Properly good support that actually works, will pick up the phone when called and give you useful answers. If you can find someone to support FOSS, great. If that means finding a good proprietary product from a good helpful company, great. In my time I have found both with great success.

We saved millions in the Gov't by switching to PostgreSQL from Oracle

This report may have some truth in it, but the real truth is open source can be an 80-95% solution at 0% of the licensing fees. I worked for a group that switched from Oracle to PostgreSQL when our licensing was over $2.3 M per year. Postgres was a little quirky at first, but its transaction rate was about 85% of Oracle's on the same hardware and we could live with that. The extra $2 M of funding sure can go a long way in making up that 15% transaction rate loss. The group is now using Accumulo for the subsequent software iteration.